Pushing subnet address object across entire GMS platform results in "invalid mask" on many 6.5 boxes
eric.burke
Newbie
We recently pushed about a dozen address objects to all of our managed firewalls, but on many of the older units, the subnet objects failed with an invalid mask error. The mask is correct (CIDR with a /20) and it applies on the Gen7 boxes without incident, but on the 6.5 boxes it fails randomly (different objects fail on different boxes). Any thoughts?
Category: Firewall Management and Analytics
0
Answers
Hello,
This may be an issue where the the error message is not accurate in GMS. There may be a failure configuring the address object and GMS cannot properly interpret the message returned by the firewall. Errors resulting from the address object name already existing on the firewall or other similar issue can be tested by attempting to configure the object directly in the firewall UI and verifying if any error is received.
If no error is seen, we would have to verify the actual post string used by GMS to configure the object. This could then be compared to the string used to configure other GEN6/6.5 devices successfully and see if there is any difference as created by GMS. Debugging at this level is a bit more difficult and would likely require a support ticket be opened.
Thanks,
David